Thursday, August 30, 2007

To give myself some small sense of how confused users will be when confronted with mashed-up identity systems, I've created an account at OpenID France.

Canadianness notwithstanding, "Je ne parle pas le Francais".

Even though there was only a single system in play, I expect that the frustration I felt from initially trying to present my OpenID there (unsuccessfully, I eventually realized it's a FOP (French OP) and not a FRP) is representative of future user confusion when confronted with new & unfamiliar identity UI (granted that most users will not chant poorly-pronounced French-Canadian curses referencing Catholic icons under their breath in order to deal with said frustration).

Ah, OK, so this card thingy carries my OpenID thingy (which sometimes I just type in?) and its a managed thingy I think whatever that is, and because the card thingy has a pin thingy assigned I have to sign-in to the OpenID thingy both here and when I get sent over to the OpenID place when normally I just do that once but thats OK because I've used my cat's name for both, and by the way WTF is a SAML?

Tuesday, August 28, 2007

From Vikram, news of an interesting initiative from the Australian government.

I know that I personally spend an inordinate amount of time searching for free porn so this filter would definitely be of interest to me (once all preset 'wombat' and 'koala' keywords had been removed).

now that's some XML! With the logical pieces marked up in this manner, I would quickly whip up some XSLT to do some powerful processing of the token contents. For instance, color everything red. Or make it blink.

From MSNBC, this piece on parents buying domain names for their kids (and even choosing names based on availability).

A little bit of HTML redirection and these kids will be off to the login races as soon as they can say 'user-centric'.

I shouldn't judge. Hell, I named my daughter after an identity protocol. Ophelia Pauline Edna Nicki Irene Daphne loves her name. There is that Samantha kid in the neighborhood that teases for her lack of a certification program though.

Thursday, August 09, 2007

I was reading a LinkedIn profile of somebody who shall remain anon. Under 'Interests', they described their musical taste as 'eclectic' - citing various strangely named artists as evidence.

Why should I believe such a self-assertion, especially when the claimed attribute in question is generally considered a 'good thing'?

It's easy to claim eclectic musical taste, just as it's easy to claim a wide & varied range of reading material (I'm flipping back and forth between Proust & Homer's Iliad as I write this). Both claims are like a personal profile saying 'attractive' - sure, sure, I believe you but show me the head shot anyways.

Now, if the claim for eclectic were supported by demonstrated variety in listening habits, that might be a different situation. For instance, if the user's play list showed they listened to Bjork's Greatest Hits, followed by Debussy, I might start to believe that their taste was indeed eclectic. Bad, but eclectic nevertheless.

Seems to me that this sort of attention data (for which the effort of spoofing would be greater than any value derived therein) is therefore somewhere between self-asserted & 3rd-party asserted identity in terms of it's 'believability' (all else being equal).

I wish social sites forced me (and others) to apply some level of selectivity in creating my network.

Lots of cell providers are offering plans where the customer gets unlimited calls/chats - but only to a prescribed set of friends/family members. As the size of this social network is constrained (and there is a cost to the customer), the customers will choose its members carefully. Also, knowing that they were selected/invited with care, its members would (might) appreciate the honour.

Would that the same effect applied in social sites, where there is almost no cost for sending an invite. To the sender that is, the cost (of reading the email, trying to remember a relationship, logging in, accepting the invite, etc) is borne by the invitee. I bet few people get invites from un (or barely) known strangers to join such a 'calling circle'.

I predict that, eventually, providers will offer tiered discounts to 'friends of a friend'. For instance, I'd get free calls to my 1st tier 5 friends, 50% off for the 25 members of the 2nd tier, etc. I expect I'll have to pay full rate to call Kevin Bacon.

Tuesday, August 07, 2007

Some are trivial, others (like this one from Facebook) have me squinting at the screen trying out different letters.Do sites go through a 'Catcha Complexity Review Process' before deciding on the appropriate difficulty?

Do we need syntax to describe the things ala SAML's Authentication Context for describing how users login?

I can't think why, Facebook offers me nothing I want, or don't already have elsewhere, and just about everybody else I know says they created an account only grudgingly (or for 'research') but hey, you can't fight trends.

Has there ever been a group less like the originally targeted demographic? My little network is geeky with a capital 'G'. We are the anti-thesis of cool college students. We surely understand more about the identity issues Facebook creates than WTF most account holders are even talking about - or the social reality in which they live.

Let's face it, my network is doing nothing to help my 'cool factor' (which will only drop precipitously whenever Conor creates an account). These people are holding me back from reaching my full social potential (admittedly as does my wearing of cardigans and the need to go to bed at 9.30).

Except for Joni, my token cool person. Joni stays up late, is a musician, and drinks martinis. Joni is cool with a capital 'C'.

Joni is my 'bridge' to coolness. Through her, I'm connected to the great unwashed (but socially current) masses. Through Joni, I learn about 'tracks', how to say 'wassup', and when to wear scarfs.

Like at Remagen, I will defend this bridge against any who would see it as their own easy route to the other side. You know who you are.

This is not your normal identity award - it's much bigger than that. I wish there was a word to describe how big. And how unique. And new. A word (or perhaps a prefix) that would make clear that this award transcends boundaries, transcends particular technologies, even transcends politics and competitive standardization strategies.

Friday, August 03, 2007

I hope this message finds you well (i.e. not diced up into quarters :-) )

It has been pointed out to me that the last message I sent you regarding the 'project' was encrypted using an insufficiently large cryptographic key.

While I am sure there is no cause for concern (Walsingham and his Protestant lackeys couldn't decrypt their way out of a paper sack) I shudder to think what might be the consequences were they able to either read our modify our correspondence....

Just in the last 2 hours, I came across two, that from Anywhere.FM pictured here

Is there irony in the use of a visual paradigm that might actually simplify a phisher's life (by giving them license to both blur the page details that might alert the user and that removes the burden of building fully functional (i.e. clickable) pages for authentication? If I was a phisher, I'd take a screen capture of the real site, add a grayish & partially-transparent layer in Photoshop, and be off to the races.

The Identity Metasystem is an interoperable architecture for digital identity that assumes people will have several digital identities based on multiple underlying technologies, implementations, and providers.

The event was specific to a single protocol. There have been numerous single protocol demonstrations of similar interoperability for SAML & ID-WSF over the last few years but nobody felt compelled to apply 'meta' as a descriptor (although I expect the marketing people wanted to).

Bob does acknowledge that the metasystem he refers to is early days and that the event identified a number of issues that the community of selectors, IDPs, and RPs need to resolve. My objection to the use of 'meta' is not that what was demonstrated is not fully-formed & complete, rather that, even once these issues are resolved, the result will be 'merely' a system - as the issues he hilites (e.g. card acquisition & presentation) are all specific to the Cardspace 'biosphere'.

These are important issues, but different than those that confront the metasystem.

Wednesday, August 01, 2007

There should be a name for this social effect, is there?Paul Downey's picture of me in front of a screen shows Eve in the act of taking a picture (of me in front of the same screen).

If only Eve's photo had happened to catch somebody else taking a picture of me in which they captured Paul D. taking his photo of me etc .... we'd have a wonderful little social network (centered on me which is even more wonderful).